
我的任务是处理涉及以下情形的一些 SharePoint 工作：用户的权限来源于 Active Directory，而 AD 组又被加入到了 SharePoint 组中。

在某些情况下，用户直接处于 Active Directory 组中；而在另一些情况下，整个 AD 组被分配到了某个 SharePoint 组。

我的问题是：如果用户没有被直接分配到 SharePoint 组或权限，而是通过 Active Directory 组间接获得，该如何检查这个 SPUser 的权限？我需要得到用户实际的权限级别。

例如:

用户：用户 X 属于 AD 组 “SHAREPOINT_POWER_USERS”，该 AD 组拥有 “参与讨论”（Contribute）权限，并且属于一个名为 “IT 支持组” 的 SharePoint 组。

有没有办法以编程方式取得这个用户的权限——即使该用户并未直接出现在高级权限设置或 SharePoint 组中，而只是通过 AD 组间接获得？目前我可以通过如下方式访问组：

// Pseudocode to access groups: CurrentUser is the SPUser SharePoint resolved for this
// request, and .Groups is the SharePoint groups it is listed in (per the question above,
// membership that only comes through an AD group is not reflected here).
var user = SPContext.Current.Web.CurrentUser;
var collection = user.Groups;

请告诉我这应该如何实现。

谢谢。

回答


你可以直接查询 AD 本身，取得该用户所属的组；如果其中某个组是对相关对象拥有权限的组之一，就据此授权（例如决定是否显示对象等）。注意：这样做相当于自己实现了一层授权逻辑，需要处理嵌套组（下面的 recursive 参数），并且传入 LDAP 过滤器的名称必须做转义，否则用户可控的输入可以改写查询条件。

尝试:http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C#39

/// <summary>
/// Returns the groups listed in the memberOf attribute of the object at
/// <paramref name="userDn"/>, delegating the actual LDAP read to AttributeValuesMultiString.
/// </summary>
/// <param name="userDn">ADsPath of the user (e.g. the value GetObjectDistinguishedName returns).</param>
/// <param name="recursive">Passed straight through to AttributeValuesMultiString; presumably asks it to walk nested groups — confirm against that helper.</param>
/// <returns>The ArrayList that AttributeValuesMultiString fills in.</returns>
public ArrayList Groups(string userDn, bool recursive)
{
    // NOTE(review): memberOf alone does not list the account's primary group, so an
    // authorization check built only on this list can miss one group — confirm whether that matters here.
    return AttributeValuesMultiString("memberOf", userDn, new ArrayList(), recursive);
}

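/// <summary>
/// Binds to the directory object at <paramref name="objectDn"/> and returns the
/// string form of one of its attributes.
/// </summary>
/// <param name="attributeName">LDAP attribute to read, e.g. "distinguishedName".</param>
/// <param name="objectDn">ADsPath of the object (e.g. "LDAP://CN=...,DC=...").</param>
/// <returns>
/// The attribute value's ToString(), or null when the attribute is not set on the object
/// (the original dereferenced the missing value and threw NullReferenceException instead).
/// </returns>
public string AttributeValuesSingleString
    (string attributeName, string objectDn)
{
    // 'using' guarantees Close()/Dispose() even when the bind or the property read
    // throws; the original only released the entry on the success path.
    using (DirectoryEntry ent = new DirectoryEntry(objectDn))
    {
        object value = ent.Properties[attributeName].Value;
        if (value == null)
        {
            return null;
        }
        // NOTE(review): for a multi-valued attribute this is presumably an object[] and
        // ToString() would not give a useful value — use AttributeValuesMultiString for those.
        return value.ToString();
    }
}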

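/// <summary>
/// Looks up a single user, group or computer by name and returns either its ADsPath
/// ("LDAP://" + distinguishedName) or its objectGUID as a string.
/// </summary>
/// <param name="objectCls">Which objectClass to search for (user, group or computer).</param>
/// <param name="returnValue">distinguishedName or ObjectGUID.</param>
/// <param name="objectName">
/// The cn / sAMAccountName / distinguishedName to look for. Treated as untrusted: LDAP
/// filter metacharacters are escaped, so a wildcard passed here is matched literally.
/// </param>
/// <param name="LdapDomain">Host or domain name appended to "LDAP://" to form the bind path.</param>
/// <returns>
/// The ADsPath or GUID string of the first match; string.Empty when
/// <paramref name="returnValue"/> is neither supported value.
/// </returns>
/// <exception cref="NullReferenceException">
/// No object matched. Kept for compatibility with existing callers; an
/// InvalidOperationException would be the idiomatic choice.
/// </exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="objectCls"/> is not a known objectClass.</exception>
public string GetObjectDistinguishedName(objectClass objectCls,
    returnType returnValue, string objectName, string LdapDomain)
{
    // objectName ultimately comes from outside (SharePoint / user input) and was concatenated
    // raw into the filter, so a value like "x)(objectClass=*" could widen the search to any
    // object. Escape it once and only ever use the escaped form in the filter.
    string safeName = EscapeLdapFilterValue(objectName);
    string filter;
    switch (objectCls)
    {
        case objectClass.user:
            filter = "(&(objectClass=user)(|(cn=" + safeName + ")(sAMAccountName=" + safeName + ")))";
            break;
        case objectClass.group:
            // "dn" is not an LDAP attribute, so the original clause could never match;
            // distinguishedName is the attribute AD actually exposes.
            filter = "(&(objectClass=group)(|(cn=" + safeName + ")(distinguishedName=" + safeName + ")))";
            break;
        case objectClass.computer:
            filter = "(&(objectClass=computer)(|(cn=" + safeName + ")(distinguishedName=" + safeName + ")))";
            break;
        default:
            // The original fell through with the searcher's default filter and returned an
            // arbitrary object for an unknown enum value; refuse instead.
            throw new ArgumentOutOfRangeException("objectCls");
    }

    string connectionPrefix = "LDAP://" + LdapDomain;
    // 'using' releases the entry, the searcher and the result entry on every path; the
    // original leaked all of them when FindOne() threw and never disposed directoryObject.
    using (DirectoryEntry entry = new DirectoryEntry(connectionPrefix))
    using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
    {
        mySearcher.Filter = filter;
        SearchResult result = mySearcher.FindOne();

        if (result == null)
        {
            throw new NullReferenceException
            ("unable to locate the distinguishedName for the object " +
            objectName + " in the " + LdapDomain + " domain");
        }

        using (DirectoryEntry directoryObject = result.GetDirectoryEntry())
        {
            if (returnValue.Equals(returnType.distinguishedName))
            {
                return "LDAP://" + directoryObject.Properties["distinguishedName"].Value;
            }
            if (returnValue.Equals(returnType.ObjectGUID))
            {
                return directoryObject.Guid.ToString();
            }
            // Any other returnType value yields an empty string, as before.
            return string.Empty;
        }
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515 §3): backslash,
/// asterisk, parentheses and NUL become \5c, \2a, \28, \29 and \00.
/// </summary>
/// <param name="value">Raw value; null is treated as empty, matching the original concatenation.</param>
/// <returns>The escaped value, safe to embed between "(attr=" and ")".</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (value == null)
    {
        return string.Empty;
    }
    // Backslash must be replaced first so the escapes added below are not re-escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}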